Obstacles to workplace monitoring lowest in Australia: survey

Australia is the easiest place for workplace monitoring among 15 mostly Western countries surveyed, the security firm Forcepoint says, based on data collected by the legal firm Hogan Lovells.

Apart from Australia, Harriet Pearson and James Denvil looked at the US, Canada, the Netherlands, Spain, Germany, France, Italy, Finland, Singapore, Switzerland, Turkey, the UK, South Africa and Sweden.

Their intent was to examine potential legal issues for global workforce monitoring programmes.

They measured the degree of difficulty involved in monitoring the following in the workplace:

temporal metadata (e.g., logon, logoff, session length);

use of privileged access, such as to administrative accounts;

use of applications;

email communications;

employer-provided devices;

Internet browsing;

capturing on-screen activities;

keylogging;

behaviour on social media and other channels; and

employee-owned devices.

For each category, they allotted scores ranging from one to five to indicate how easy or how difficult respectively it was for an employer to carry out these procedures. A low score meant it would be easy for the employer and a higher score meant that there more requirements to be met in order to carry out the monitoring of that kind of data.

The study assumes significance in view of the fact that Australia (on 22 February) and the EU (on 25 May) plan to introduce data breach legislation this year.

In the study, Australia was given a score of 21 overall, only behind the US as far as ease of monitoring for the employer was concerned.

Australia did not score a five in any area; the highest score was four, for monitoring behaviour on social media and other channels - where express consent was needed due to "at work” considerations in certain jurisdictions - and monitoring employee-owned devices, where express consent was needed in certain jurisdictions like NSW and the ACT.

The US had the lowest score, 20. In both the areas where Australia scored a four, the US earned three.

Finland was the top scorer, with 46 out of a possible 50. The country and only earned a score of three for monitoring temporal metadata and monitoring use of privileged access, such as to administrative accounts.

Other countries where employees were better protected from snooping by their employers were Germany (42 out of 50), France (41), Italy (43), and Switzerland (40). Surprisingly, the Netherlands, Spain (33 apiece) and Sweden (32) achieved much lower scores, though two of them are in the EU and Sweden is considered a good place to live and work.

The UK got a score of 32, Canada was given 30 on par with Turkey, which again was a surprising outcome.

Pearson and Denvil suggested that employers could ask themselves the following questions to assess how reasonable it was to implement a particular tool for monitoring employees:

"Is the deployment of the tool or measure intended to address an identified cyber risk?

"Will use of the tool or measure effectively address the identified risk?

"Are there other tools or measures that could effectively address the risk in a manner that would have less of an impact on the privacy interests of workforce members?

"Will the impact on the privacy interests of workforce members outweigh the benefits to the organisation?"

The study, titled Managing Workforce Cyber Risk in a Global Landscape: A Legal Review, can be downloaded here after registration.

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.